<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"><channel><title>Disqus - Latest Comments for Adam B</title><link>http://disqus.com/people/d7ef68675d5d2b412c45a89646da905c/</link><description></description><language>en</language><lastBuildDate>Sat, 12 Jul 2008 23:17:52 -0000</lastBuildDate><item><title>Re: 5 mistakes new web developers often make</title><link>http://bradshawenterprises.disqus.com/5_mistakes_new_web_developers_often_make_18/#comment-877884</link><description>Nice list. There are a few things I'd recommend in addition primarily for security.  I've dealt primarily with PHP, but this can be applied to other systems as well.&lt;br&gt;&lt;br&gt;On production, always disable error output.  Send your error messages to logs, but don't ever output them to the browser.  Error messages, in addition to being unprofessional, can reveal details about your architecture that no one really needs to know.&lt;br&gt;&lt;br&gt;Second, ALWAYS filter and validate input. Assume every user is trying to destroy your server.  Go with a white-list approach.  If an input is supposed to be a numeric ID, make sure it's numeric only.  Make sure to run input through sanitizing like mysql_real_escape_string().  And if you're doing queries, make sure that your web user has ONLY the privileges it needs - don't give it drop table access or anything. If you want to go further, use two web users - one for read that only has select access, and the write, which has select, insert, update, and delete.  Only use the write user when you actually need it.&lt;br&gt;&lt;br&gt;Finally, when configuring your server, make the docroot as limited as possible. That is, stuff like include files and template files (if you have them) should not be accessible through the server.&lt;br&gt;&lt;br&gt;Hope these tips help!</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Adam B</dc:creator><pubDate>Sat, 12 Jul 2008 23:17:52 -0000</pubDate></item><item><title>Re: Customer Service Hell!!  T-Mobile&#8230;Hot Spot? NOT!!!</title><link>http://antseyeview.disqus.com/customer_service_hell_t_mobile8230hot_spot_not/#comment-7128006</link><description>I used to be in customer service. And it did suck a lot sometimes.  But I dealt. For everyone saying "I'm in customer service, and the guy who wrote this is a douche": you're all self-pitying assholes who try to elevate your shitty position in the world by belittling customers who you're paid to help.&lt;br&gt;&lt;br&gt;It's your job to help, and if you can't even get that right, well, no wonder you're still working as a CSA.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Adam B</dc:creator><pubDate>Wed, 20 Jun 2007 16:29:49 -0000</pubDate></item></channel></rss>